module
RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution
| Disclosed | Created |
|---|---|
| Apr 4, 2000 | May 30, 2018 |
Disclosed
Apr 4, 2000
Created
May 30, 2018
Description
This module abuses two flaws - a metacharacter injection vulnerability in the
HTTP management server of RedHat 6.2 systems running the Piranha
LVS cluster service and GUI (rpm packages: piranha and piranha-gui).
The vulnerability allows an authenticated attacker to execute arbitrary
commands as the Apache user account (nobody) within the
/piranha/secure/passwd.php3 script. The package installs with a default
user and password of piranha:q which was exploited in the wild.
HTTP management server of RedHat 6.2 systems running the Piranha
LVS cluster service and GUI (rpm packages: piranha and piranha-gui).
The vulnerability allows an authenticated attacker to execute arbitrary
commands as the Apache user account (nobody) within the
/piranha/secure/passwd.php3 script. The package installs with a default
user and password of piranha:q which was exploited in the wild.
Author
aushack patrick@osisecurity.com.au
Platform
Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.